Advancing Video Application Attacks with Video Interception, Recording, and Replay

Presented at DEF CON 17 (2009), July 31, 2009, 2 p.m. (50 minutes)

New video applications promise many exciting cost-saving benefits, but they also bring with them a host of security challenges and vulnerabilities. This session applies existing techniques for VoIP eavesdropping towards next generation attacks against Unified Communication technologies, such as intercepting and recording private video conferences, IP video surveillance systems, and other video collaboration technology. This presentation will focus primarily on informative and insightful live demos that show targeted video attacks and issues that put video application traffic at risk. We will focus on the following: First public demonstration of a new version of UCSniff - 3.0, a Windows port of the code, with enhanced video eavesdropping features. UCSniff 3.0 will be publicly released as a free assessment tool that will enable security professionals to more rapidly remediate video based vulnerabilities. A new version of a second free assessment too, "VideoJak," with two new video exploits. We will demonstrate the ability to target a video session display with a user-selected video clip that is played against a targeted video phone. Next, a previously captured, "safe" video stream will be played against a targeted phone in a loop. This has exciting ramifications for IP video surveillance and security systems that monitor a room for activity and display to the user as a video application. A new free assessment tool, videosnarf, which takes an offline pcap as input, and outputs any detected video streams into separate avi video files. This is useful for capturing video sessions with other tools (ettercap, wireshark) and being able to play them at an attacker's leisure. A surprise tip that we have learned through VoIP pentesting of production enterprise networks. This trick enhances one's ability to target specific VoIP users clandestinely. Other VoIP goodness may follow this. Note that all the tools to be demonstrated are open source, available to the security community at large and that we do not distribute them in any commercial way.

Presenters:

• Arjun Sambamoorthy - Research Engineer, Sipera Systems, Inc.
  Arjun Sambamoorthy is a Vulnerability Research Engineer in the Sipera VIPER Lab. He is a graduate of University of Texas, Dallas, and a key developer and co-author of the UCSniff tool.
• Jason Ostrom - Director, VIPER Lab Sipera Systems, Inc.
  Jason Ostrom, CCIE #15239, is Director of Sipera VIPER (Voice over IP Exploit Research) Lab. He is a graduate of the University of Michigan, Ann Arbor and author of the "VoIP Hopper" assessment tool. Ostrom has over 12 years experience in technology fields such as network infrastructure, programming, and penetration testing.

Links:

• https://defcon.org/html/defcon-17/dc-17-speakers.html#Ostrom
• https://www.youtube.com/watch?v=Lq_W228syPE
• https://www.youtube.com/watch?v=XLsoEZzHqjE

Similar Presentations:

• SAINTCON 2019 / The Evolution of Video Surveillance: using AI and Machine Learning to Leverage Cameras as a Sensor
• Black Hat USA 2016 / Viral Video - Exploiting SSRF in Video Converters
• Black Hat Europe 2018 / Video Killed the Text Star: OSINT Approach